Fixed!!
I know I promised not to post twice in one day, but I needed to post this….and I’ll likely be posting a third post with all the NaBloPoMo links later today, too.
So, I generally love my hosting company (Dreamhost), but I have to say, I’m really kind of annoyed with them right now.
When this mess started Monday morning (GMT), they sent my problem to one of their specialists. I didn’t hear back until Tuesday afternoon (GMT), and most of what they told me to do had nothing to do with my problem – For example, I got told to update software on other domains and sub-domains when the ONLY sub having any issue at all was blog.beccajanestclair.com. So, I turned to google (via Swagbucks*) for help.
I tried the Google Webmaster Tools, and Google pinpointed three files as being “infected” – my about this blog page, a photo page from an August blog, and I forget the third. I deleted those three pages and the photos that had been displayed on those pages, and will need to re-write an about this blog page tomorrow. Dreamhost had not mentioned these files, only 2 files that were buried deep within 6 folders of a theme I hadn’t even ever used, which I also deleted. I then decided if the themes really were the problem, I had better go through and remove all the wordpress themes I wasn’t using. Dreamhost suggested re-installing my current theme, but unfortunately download links to it no longer exist. I had decided I would search for a similar looking theme, and take my css sheet from the current theme to make a new theme look like the current theme if I had to.
I had about 10 help sites open by this point, so I can’t tell you which site it was that actually gave me this idea, but I went into the WordPress theme editor and opened all the php files for my current them and really looked at them. My coding skills aren’t super or anything, but I was confident I would notice something off, as I have modified most of the php files marginally to achieve my custom theme. Sure enough, at the top of every single php page was a random string of code. Please note, Dreamhost did not suggest doing this. Dreamhost did not even tell me what string of code to look for, and did NOT detect the string of code in all my php files when they looked. The files they had told me to delete had been css files, but the css file for my current theme was the only part of my theme that was clean! I removed the string of code from all the files, and then went into FileZilla and checked all the other php files on my server. Nothing else was infected. I also took this time to remove lots of old files, and to remove previous incarnations of my website, including the very first version using frames and a version using python. I don’t think I needed to remove these files, but I figured I might as well start to clean up my stuff, since I have now held my domain for nearly 10 years. The me of 10 years ago (age 21!) is very different than the me I am now, and while I had the old pages buried deep in random folders, I really don’t think I want anyone finding them.
And good news from google, too – I just checked the webmaster tools and it says:
Status of the latest badware review for this site: A review for this site has finished. The site was found clean. The badware warnings from web search are being removed. Please note that it can take some time for this change to propagate.
Woot.
So. Rebecca: 1 Dreamhost: 0
*Oh, and when I started googling with Swagbucks yesterday, my points count was 649. As of right now, I have 721 swagbucks, a little over a 100 to go for another £5 Amazon voucher!
[LJ readers reading this on the LJ RSS feed: Please click on the link at the top of the entry to go directly to my blog to leave a comment, as comments left on the LJ RSS do not get seen by me. Facebook users can comment directly on Facebook.]
No commentsNo comments yet. Be the first.
Leave a reply